Shopify – an Ottawa-based multinational e-commerce company – has announced that it suffered a data breach which it claims impacted fewer than 200 merchants.
The company notified both the RCMP and the FBI of the breach, which it explained in a statement was caused by “two rogue members” on a support team. Those rogue employees were allegedly “engaged in a scheme to obtain customer transactional records of certain merchants.”
Shopify also revealed that after an investigation process, it terminated the two support team members’ access to the e-commerce platform’s network.
“We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant,” the company said.
Shopify gave assurances that “the vast majority of merchants using Shopify are not affected” by the data breach. Yahoo! Finance reported that, as of 2019, the platform had one million merchants.
Although only about 200 merchants were compromised by the breach incident, Shopify warned that the data of customers related to those affected merchants may have been exposed as well. Customer contact information such as email addresses, names, addresses, order details, as well as products and services purchased, may have been leaked.
“Complete payment card numbers or other sensitive personal or financial information were not part of this incident,” Shopify noted.